None of these guys appears to have any cybersecurity experience.
"Sources tell WIRED that Bobba, Coristine, Farritor, and Shaotran all currently have working GSA emails and A-suite level clearance at the GSA, which means that they work out of the agency’s top floor and have access to all physical spaces and IT systems, according a source with knowledge of the GSA’s clearance protocols."
The Young, Inexperienced Engineers Aiding Elon Musk's Government Takeover
https://www.wired.com/story/elon-musk-government-young-engineers/
=> More informations about this toot | View the thread
"The DOGE personnel demanded to be let in and threatened to call US Marshals to be allowed access, two of the sources said.
Three of the sources said the DOGE personnel wanted to gain access to security systems and personnel files. Two of those sources said also they wanted access to classified information."
Senior USAID security officials put on leave after refusing Musk’s DOGE access to agency systems
https://www.cnn.com/2025/02/02/politics/usaid-officials-leave-musk-doge/index.html?cid=ios_app
=> More informations about this toot | View the thread
https://www.wired.com/story/doge-hr-elon-musk-resignation-fork-road-leaked-staff-meeting/
“One employee expressed concerns that outside actors could send resignation emails on staffers’ behalf by spoofing their email addresses.”
=> More informations about this toot | View the thread
Metacurity is pleased to offer our free and premium subscribers a weekly digest of the best long-form (and longish) infosec-related pieces we couldn't properly fit into our daily news crush.
This week's selection covers
--The 23-year-old who infiltrated a DPRK laptop farm,
--Top tech companies who back the biggest deepfake porn site,
--How the H-1B debate impacts cyber hiring,
--Tech giants decide the supply of secure military digital infrastructure,
--Data brokers who sell pregnancy data,
--How CISO factories are formed
https://www.metacurity.com/best-infosec-related-long-reads-for-the-week-of-1-18-25-2/
=> More informations about this toot | View the thread
It seems almost quaint and parochial now that Musk and his band of teenagers appear to be jeopardizing the entire federal government's cybersecurity, but this piece I wrote in November outlines what experts told me will likely be his DOGE effort's most likely cybersecurity targets.
Musk’s anticipated cost-cutting hacks could weaken American cybersecurity
https://www.csoonline.com/article/3608079/musks-anticipated-cost-cutting-hacks-could-weaken-american-cybersecurity.html
=> More informations about this toot | View the thread
https://arstechnica.com/tech-policy/2025/01/musks-doge-clashes-with-treasury-over-access-to-payment-system-report-says/
Treasury official retires after clash with DOGE over access to payment system
=> More informations about this toot | View the thread
WhatsApp says journalists and civil society members were targets of Israeli spyware
https://www.theguardian.com/technology/2025/jan/31/whatsapp-israel-spyware
=> More informations about this toot | View the thread
Musk has locked OPM workers out of their computer systems.
"We have no visibility into what they are doing with the computer and data systems," one of the officials said. "That is creating great concern. There is no oversight. It creates real cybersecurity and hacking implications."
Exclusive: Musk aides lock government workers out of computer systems at US agency, sources say
https://www.reuters.com/world/us/musk-aides-lock-government-workers-out-computer-systems-us-agency-sources-say-2025-01-31/
=> More informations about this toot | View the thread
Sellers of Anom, the FBI's Secret Backdoored Phone, Plead Guilty
https://www.404media.co/sellers-of-anom-the-fbis-secret-backdoored-phone-plead-guilty/
=> More informations about this toot | View the thread
A lot has happened in what has seemed like an interminable January, so before you head out for the weekend, don't miss today's Metacurity for the most critical infosec developments you should know, including
--Authorities bust up phishing kit peddler HeartSender
--Companies and governments restrict DeepSeek access,
--CISA warns of patient monitoring device malicious backdoor,
--NYC blood center hit by ransomware,
--ChatGPT jailbreak flaw allows weapons and malware creation instructions,
--Criminal gangs still funnel services through US cloud providers,
--much more
https://www.metacurity.com/authorities-bust-up-phishing-kit-peddler-heartsender/
=> More informations about this toot | View the thread
We all like cybernetics, right?
=> More informations about this toot | View the thread
https://www.nbcnews.com/tech/security/powerschool-hack-data-breach-protect-student-school-teacher-safe-rcna189029
No MFA
Children's data hacked after school software firm missed basic security step, internal report says
=> More informations about this toot | View the thread
https://www.axios.com/2025/01/30/house-congress-bans-deepseek-ai
Scoop: Congress bans staff use of DeepSeek
=> More informations about this toot | View the thread
Check out my latest CSO piece that looks at what CISOs should be doing now to get ready for the connected vehicle technology bans that will start to kick in 2027.
Thanks to Dakota Cary of @SentinelOne, Ivan Novikov of WallArm, and Vanessa Miller of Foley for their insight.
https://www.csoonline.com/article/3810545/american-cisos-should-prepare-now-for-the-coming-connected-vehicle-tech-bans.html
=> More informations about this toot | View the thread
If you can't handle the recent rounds of crushing news stories, let Metacurity sift through at least the critical cybersecurity reports for you.
Check out today's Metacurity for the top critical infosec developments you should know, including
--Google’s full-court press on GenAI’s misuse in creating cyber threats
--DeepSeek left critical databases exposed,
--FBI seized Cracked.io and Nulled.to domains,
--Trump's OPM accused of creating insecure email system,
--Hackers stole $10m from DogWifTools,
--Russian group hit Romania,
--Lazarus Group hit hundreds in supply chain attack,
-- NCSC proposes CVSS alternative,
--much more
https://www.metacurity.com/googles-full-court-press-on-genais-misuse-in-creating-cyber-threats/
=> More informations about this toot | View the thread
https://www.wired.com/story/exposed-deepseek-database-revealed-chat-prompts-and-internal-data/
Exposed DeepSeek Database Revealed Chat Prompts and Internal Data
=> More informations about this toot | View the thread
Please read this class-action lawsuit filed against OPM for setting up an insecure email account, HR@opm.gov, to blast messages to all federal employees, the replies to which were sent to an employee of Elon Musk's AI company.
OPM installed email servers in various agencies (god knows how insecure they might have been) to connect to the agencies' email servers so that the emails would look like they were coming from HR.gov and not the agencies themselves.
I want to hear what everything thinks about this.
https://www.scribd.com/document/821503987/OPM-Email-Server-Suit#from_embed
=> More informations about this toot | View the thread
We live in a strange world where the cybersecurity sector seems to be the most rational and calm of them all.
Check out today's Metacurity for the most crucial infosec developments you should know, including
--China, Iran, Russia, and North Korea use Google's Gemini for better cyberattacks
--Engineering giant Smiths hit by a cyberattack,
--Engineering firm ENGlobal says sensitive info stolen during Nov. attack,
--Oz creates health ISAC,
--UK audit office says gov't faces devastating cyberattack threats,
--Apple processors' side-channel flaws could allow sensitive info threat,
--much more
https://www.metacurity.com/china-iran-russia-and-north-korea-use-googles-gemini-for-better-cyberattacks/
=> More informations about this toot | View the thread
https://www.wsj.com/tech/ai/chinese-and-iranian-hackers-are-using-u-s-ai-products-to-bolster-cyberattacks-ff3c5884
“In the past year, dozens of hacking groups in more than 20 countries turned to Google’s Gemini chatbot to assist with malicious code writing, hunts for publicly known cyber vulnerabilities and research into organizations to target for attack, among other tasks, Google’s cyber-threat experts said.”
=> More informations about this toot | View the thread
The Chinese curse of "may you live in interesting times" definitely applies to cybersecurity newsletter writers these days.
Anyway, check out today's Metacurity for the most critical infosec developments you should know, including
--Policymakers are silent so far on DeepSeek's security threats
--DeepSeek claimed it was hit by a cyberattack amid download rush,
--Trump says Microsoft in TikTok purchase talks,
--EU sanctions three hackers for attacks on Estonia,
--London court sentences three for fraud scheme,
--Ukraine denies cyberattack on Slovakia,
--Apple fixes year's first zero day,
--much more
https://www.metacurity.com/policymakers-are-silent-so-far-on-deepseeks-security-threats-2/
=> More informations about this toot | View the thread
=> This profile with reblog | Go to metacurity@infosec.exchange account This content has been proxied by September (3851b).Proxy Information
text/gemini
